Citrix addressed multiple vulnerabilities in Citrix Endpoint Management (XenMobile) that can be exploited by an attacker to gain administrative privileges on affected systems. The company did not provide technical details on the addressed vulnerabilities but revealed that it pre-notified CERTs and customers on July 23. The flaws were reported by Andrey Medov of Positive Technologies, Glyn Wintle of Tradecraft, and Kristian Bremberg of Detectify. Experts pointed out that the flaws arent trivial to exploit, in order to exploit the issue the attackers need to access target network.”]
Source: https://securityaffairs.co/wordpress/107040/security/citrix-xenmobile-flaws.html